Step by step, my CP self-registration is going on but there is one thing I can't achieved. I would like that the guests can connect only one hour on the wifi and then are disconnected. I dont' want that the account expire, only the session. So the guests can login again with the same account. Is it possible ?
In addition, I'd like to manage a five minutes break between each sessions ?
I haven't tried this myself, but I wonder if it's possible to use the RADIUS attributes Session-Timeout and Terminate-Action to set the session time and then force reauthentication? I'm not sure if the controller will allow the session timeout to be set by a RADIUS server, but this is certainly possible on a Cisco switch.
Well - what is really your point behind making them re-connect?
Is it the option to re-direct them to a landing portal with some info or ads you want them to see/click on?
Depending on what you want to achieve I would just save the user the hassle, and just have them re-register to get a new password. The account will by default auto-update with a new password anyways, and not overwrite any parameter not filled in..
But - that said...
I haven't tried this myself, but you could most likely create a variation of the Enforcement Policy "Standard Guest Access" with a rule that terminates the session if more than 1 hour since last authentication.
Inserted screenshot for configuration
Note that if the user has already timed out in the Aruba Session ie. he has been idle more than 5 minutes (or whatever you've set user idle timeout to be) he will have to be re-authenticated through the portal anyways.
Also.. You might want to use MAC-authentication and do the termination part there instead. Just same kind of rule starting out with the "MAC-caching 24hours" policy.
Try it and let us know how it works out for you.
I want to avoid guests to download movies or massive stuffs as IAPs are used as hotspot.
I have tried to create a variation of the Enforcement Policy "Standard Guest Access" but I can't add the operator "GREATER_THAN_OR_EQUALS" => value is not correct.
Ok for the quota, so I need to make a new Enforcement Profile ?
It saves fine for me - as you can see in the screenshot. Perhaps you've chosen the wrong Type?
(Authorization:[Insight Repository]:Hours-Since-Auth GREATER_THAN_OR_EQUALS 1)
But - for your purpose perhaps looking into quotas, bandwidth limits and firewall rules..
To be honest - I don't really know how to do accounting based authentication in CPPM/CPGUEST 6.x.
I used it previously in Amigopod/CP-Guest 3.9.x.
Then it was more or less all described here:
Now - just browsing through the menus I see an Enforcement Profile named "Guest Bandwith Limit". This is already referenced in the "Standard Guest Access" service so just changing the Profile parameter Allowed-Limit to something else should enforce it...
It's a request of my customer but I will try and see about quotas, bandwidth. Can I configure both in CCPM or is it better in the VC of the IAP ?
As you can see, I can't use GREATER_THAN_OR_EQUALS 1.
Ok thanks, I'll try with those tools.
On CPPM, I can see this Enforcement Profiles used by the Guest Access service.
I think it's what I need (session timeout) but I am not sure if it's the session or the account that is timeout. Moreover I don't really understand how works the Value. Can I change it to something like 1 hour ?
Ok so it's not what I want.
I believe that parameter correlates to the Expiry Time of the user account which is set at creation. Changing the value in Enforcement Profile overrides that and doesn't give you the intended effect.
Thanks, I have seen this but don't know how to use it exactly. Can you help me a bit ?
A little up if someone more experienced than me can help to implement this.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.